Course Outline

BSCI - Building Scalable Cisco Internetworks v3.0 - Self-Paced e-Learning

In this course, you'll develop an advanced set of skills that enable you to optimize the configuration and deployment of a Cisco router-based internetwork. Learn the complex concepts and commands necessary to configure Cisco routers for scalable operation in large and/or growing internetworks. Whether your goal is to take your Cisco routing skills to the next level or to achieve CCNP or CCIP certification, this is the right course for you.

Course Outline

1. Network Requirements

2. Configuring EIGRP

• Introducing EIGRP
• Implementing and Verifying EIGRP
• Configuring Advanced EIGRP Options
• Configuring EIGRP Authentication
• Using EIGRP in an Enterprise Network

3. Configuring OSPF

• Introducing the OSPF Protocol
• OSPF Packet Types
• Configuring OSPF Routing
• OSPF Network Types
• Link State Advertisements
• Configuring OSPF Route Summarization
• Configuring OSPF Special Area Types
• Configuring OSPF Authentication

4. The IS-IS Protocol

• Introducing IS-IS and Integrated IS-IS Routing
• IS-IS Routing Operation
• Configuring Basic Integrated IS-IS

5. Manipulating Routing Updates

• Operating a Network Using Multiple IP Routing Protocols
• Configuring and Verifying Route Redistribution
• Controlling Routing Update Traffic
• Implementing Advanced IOS Features: Configuring DHCP

6. Configuring Basic BGP

• Explaining BGP Concepts and Terminology
• Explaining EBGP and IBGP
• Configuring Basic BGP Operations
• Selecting a BGP Path
• Using Route Maps to Manipulate Basic BGP Paths

7. Implementing IP Multicast

• Explaining Multicast
• IGMP and Layer 2 Issues
• Explaining Multicast Routing Protocols
• Multicast Configuration and Verification

8. Implementing IPv6

• Introducing IPv6
• Defining IPv6 Addressing
• Implementing Dynamic IPv6 Addresses
• Using IPv6 with OSPF and Other Routing Protocols
• Using IPv6 with IPv4

BCMSN - Building Cisco Multilayer Switched Networks v3.0 - Self-Paced e-Learning

Learn to implement campus networks using multilayer switching technologies over high-speed Ethernet and wireless topologies. This course addresses the integration of routing and switching technologies to create an efficient campus network. Design, build, and configure a campus network with device and link redundancy for high reliability, while maintaining the performance to meet today's demanding application requirements, such as voice, video, and secure wireless technologies. Learn to choose and configure the necessary Layer 2 and 3 protocols and features to guarantee constant access.

Technologies such as Spanning Tree, Rapid Spanning Tree (802.1W), Multiple Spanning Tree (802.1S), Uplinkfast and Backbonefast will be covered in detail to determine how to optimize a network's convergence times in the event a physical path fails. Also learn how to get more bandwidth between network devices by configuring EtherChannel. Learn the advantages of and how to configure and troubleshoot HSRP, convergence of voice, video and data in a real-time environment, and QoS. Configure basic security options such as 802.1x, Port security, BPDU guard, and DHCP spoof attack prevention.

Course Outline

1. Introduction to Campus Networks

• Course Introduction
• Campus Networks as Part of an Enterprise Network
• Devices in a Nonhierarchical Network
• Layer 2 Network Issues
• Routed Network Issues
• What is a Multilayer Switch?
• Issues with Multilayer Switches and VLANs in a Nonhierarchical Network
• The Enterprise Composite Model
  • Building Access
  • Building Distribution
  • Server Farm Module
  • Campus Core
  • Network Management
• Benefits of the Enterprise Composite Model
• Campus Infrastructure Module

2. Defining Virtual Networks (VLANs)

• Best Practices for VLAN Topologies
  • Issues in a Poorly Designed Network
  • Grouping Business Functions into VLANs
  • Interconnection Technologies
  • Determining Equipment and Cabling Needs
  • Mapping VLANs in a Hierarchical Network
  • Considering Traffic Source to Destination
  • Reviewing Switch Configuration Interfaces
• Implementing VLANs
  • Benefits of VLANs in an Enterprise Network
  • Local VLANs
  • End-to-End VLANs
  • VLAN Configuration Modes
  • VLAN Access Ports
  • VLAN Implementation Commands
  • Implementing a VLAN
• Implementing Trunks
  • VLAN Trunks
  • ISL Trunking
  • 802.1Q Trunking
  • 802.1Q Native VLANs
  • Issues with 802.1Q Native VLANs
  • VLAN Ranges
  • Trunking Configuration Commands
  • Configuring Trunking
  • Setting Dynamic Trunking Protocol (DTP)
• Propagating VLAN Configurations with VTP
  • VTP Domains
  • VTP Protocol
  • VTP Modes
  • VTP Pruning
  • VTP Operation
  • VTP Configuration Commands
  • Configuring a VTP Management Domain
  • Adding New Switches to an Existing VTP
• Correcting Common VLAN Configuration Errors
  • Issues with 802.1Q Native VLANS
  • Resolving Trunk Link Problems

3. Implementing Spanning Tree

• Spanning Tree Protocol
  • Transparent Bridges
  • Identifying Traffic Loops
  • Loop Free Network
  • 802.1D Spanning Tree Protocol
  • Root Bridge
  • Port Roles
  • Enhancements to STP
• Preventing STP Forwarding Loops
  • Unidirectional Link Detection
  • Loop Guard
  • Preventing STP Failures Due to Unidirectional Links
  • Configuring UDLD and Loop Guard
• Implementing Rapid Spanning Tree Protocol (RSTP)
  • RSTP
  • RSTP Port States
  • RSTP Port Roles
  • Edge Ports
  • RSTP Link Types
  • RSTP BPDU
  • RSTP Proposal and Agreement Process
  • RSTP Topology Change
  • RSTP Implementation Commands
  • Implementing RSTP Commands
• Implementing the Multiple Spanning Tree Protocol (MSTP)
  • MSTP
  • MSTP Regions
  • Extended System ID
  • Interacting between MSTP Regions and 802.1Q
  • MSPT Implementation Commands
  • Configuring and Verifying MSTP
• Configuring Link Aggregation and EtherChannel
  • EtherChannel
  • PAgP and LACP Protocols
  • EtherChannel Configuration
  • Configuring Port Channels using EtherChannel
  • Configuring Load Balancing over EtherChannel

4. Implementing InterVLAN Routing

• Routing Between VLANs
  • Multilayer Switching
  • Layer 2 Switch Forwarding Process
  • Inter-VLAN Routing using an External Router
  • Inter-VLAN Routing using External Router Configuration Commands
  • Configuring Inter-VLAN Routing using an External Router
• Deploying CEF-Based Multilayer Switching
  • Layer 3 Switching
  • CEF-Based Multilayer Switches
  • Multilayer Switch Packet Forwarding Process
  • CEF Configuration Commands
  • Enabling CEF-Based Multilayer Switching
  • Common CEF problems and Solutions
  • CEF Troubleshooting Commands
  • Troubleshooting CEF-Based Multilayer Switching
• Enabling Routing Between VLANs
  • Layer 3 Switch Virtual Interfaces
  • Routed Interfaces on a Multilayer Switch
  • Configuration Commands for Inter-VLAN Communication on a Multilayer Switch
  • Configuring Inter-VLAN Routing on a Multilayer Switch

5. Implementing High Availability in a Campus Environment

• Configuring Layer 3 Redundancy with HSRP
  • Router Redundancy Process
  • Routing Issues
  • HSRP
  • HSRP Operations
  • HSRP States
  • HSRP Configuration Commands
  • Enabling HSRP
  • HSRP Optimization Options
  • Tuning HSRP Operations
  • HSRP Debug Commands
  • Debugging HSRP Operations
• Configuring Layer 3 Redundancy with VRRP and GLBP
  • Virtual Router Redundancy
  • VRRP Operations Process
  • Gateway Load Balancing Protocol
  • GLBP Operations Process
  • VRRP and GLBP Configuration
  • Enabling VRRP and GLBP

6. Wireless Client Access

• Introducing Wireless LANs (WLANs)
  • WLANs
  • Similarities Between a LAN and a WLAN
  • Differences Between a LAN and WLAN
  • WLAN Components
  • WLAN Technology Implementations
  • Building Blocks of AP WLAN Topologies
  • Building Blocks of Bridging WLAN Topologies
  • Topology Implementations
• Wireless Theory and Standards
  • Radio Frequency (RF) Basics
  • WLAN Math
  • Types of Antennas
  • Regulatory Agencies Governing WLANs
  • Operational Standards of IEEE 802.11
  • IEEE 802.11 Standards in the 2.4GHz Band
  • IEEE 802.11a
  • Comparing the 802.11 Standards
• Implementing WLANs
  • 802.11b/g Channel Reuse
  • 802.11a Channel Reuse
  • WLAN as a Shared Medium - Best Practices
  • Bridging Path Considerations
  • Power Implementation
• Cisco WLAN
  • Enterprise WLAN Issues
  • Overview of Cisco WLAN
  • Comparing Autonomous and Lightweight WLAN
  • Comparing Core and Advanced Feature Roaming
  • Split MAC Architecture
  • LWAPP AP Association
  • Mixing WLAPP with Autonomous APs
• Cisco Wireless Clients
  • Wireless Client Association
  • Open Authentication
  • Pre-Shared Key Authentication (WEP)
  • Introducing WLAN Security
  • Cisco Client Cards
  • Cisco Compatible Extensions Program
• Configuring Basic WLAN
  • Available Interfaces for WLAN Configuration
  • Connect to Controller
  • Configuring the Controller
  • Verify Controller Configuration

7. Configuring Campus Switches to Support Voice

• Planning for Implementation of Voice in a Campus Network
  • Converged Network Benefits
  • VoIP Network Components
  • Traffic Characteristics of Voice and Data
  • VoIP Call Flow
  • Auxiliary VLANs
  • Quality of Service (QoS)
  • Importance of High Availability for VoIP
  • Power Requirements in Support of VoIP
• Accommodating Voice Traffic on Campus Switches
  • QoS Trust Boundaries
  • LAN-Based Classification and Marking
  • Basic Switch Commands to Support Attachment of a Cisco IP Phone
  • Configuring a Switch for the Attachment of a Cisco IP Phone
  • What is AutoQoS VoIP?
  • Configuring AutoQoS VoIP on a Catalyst Switch

8. Minimizing Service Loss and Data Theft in a Campus Network

• Switch Security Issues
  • Overview of Switch Security Concerns
  • Switch Attack Categories
  • MAC Flood Attack
  • Port Security
  • Port Security Configuration
  • Configuring Port Security on a Switch
  • Port Security with Sticky MAC Addresses
  • Unauthorized Access by Rogue Devices
  • 802.1x Port-Based Authentication
• Protecting Against VLAN Attacks
  • VLAN Hopping
  • Mitigating VLAN Hopping
  • VLAN Access Control Lists (VACLs)
  • Configuring VACLs
  • Private VLANs (PVLANs)
  • Configuring PVLANs
• Protecting Against Spoof Attacks
  • DHCP Spoof Attack
  • DHCP Snooping
  • DHCP Snooping Configuration Commands
  • Configuring DHCP Snooping
  • MAC Spoof Attack
  • Address Resolution Protocol
  • Commands to Configure Dynamic ARP Inspection
  • Protecting Against ARP Spoofing Attacks
• Securing Network Switches
  • Vulnerabilities in the Cisco Discovery Protocol
  • Vulnerabilities in the Secure Shell Protocol
  • Vulnerabilities in the Telnet Protocol
  • VTY ACLs
  • Commands to Apply ACLs to VTY
• STP Security Mechanisms
  • Protecting the Operation of STP
  • BPDU Guard Configuration
  • BPDU Filtering Configuration
  • Root Guard
  • Root Guard Configuration Commands
  • Configuring Root Guard

ONT - Optimizing Converged Cisco Networks - Self-Paced e-Learning

Learn techniques to optimize your network for voice and wireless. In this course, you will learn the characteristics of real-time multimedia traffic, such as voice, and you'll investigate the importance of Quality of Service (QoS) management on the network and learn about the application of wireless technologies to the enterprise. Get an introduction to Cisco's Lightweight Wireless Access Point architecture, and cover such areas as Wireless LAN (WLAN) configuration, QoS for wireless, and wireless security techniques for authentication and data encryption. You will also explore the management of WLAN Controllers across the enterprise using Cisco's Wireless Control System.

Course Outline

1. Network Requirements

2. Cisco VoIP Implementations

• Introducing VoIP Networks
  • Benefits of VoIP when compared to traditional circuit-switched telephony
  • Components of a VoIP network
  • Analog connectivity options for legacy equipment to connect to a VoIP network
  • Digital interface options to connect VoIP equipment to PBXs or the PSTN
  • Three stages of a call
  • Compare the concept of distributed call control, where a voice gateway provides call control functions, to that of centralized call control, where the call control process is run by a call agent, such as Cisco Unified CallManager
• Digitizing and Packetizing Voice
  • Converting analog signals to digital signals
  • Converting digital signals to analog signals
  • Why voice is sampled at 8,000 bps for telephone calls
  • How a signal is quantized and combined with the Nyquist theorem to yield a standard voice channel bit rate of 64,000 bps
  • Common voice compression standards including bandwidth requirements and voice quality measurement
  • Purpose of a DSP in a voice gateway
• Encapsulating Voice Packets for Transport
  • Transporting digitized voice packets across a network in an RTP voice bearer stream
  • Role of RTP and UDP in encapsulating voice for transport across a network
  • How and when to reduce header overhead with CRTP
• Calculating Bandwidth Requirements
  • How the number of voice samples that are encapsulated impacts bandwidth requirements
  • Overhead for various Layer 2 protocols
  • How IPsec and GRE/LT2P tunneling affect bandwidth overhead
  • Calculating the total bandwidth required for a VoIP call
  • Operation of VAD and bandwidth savings associated with the use of VAD
• Implementing Voice Support in an Enterprise Network
  • Given an enterprise network topology diagram, identify the components that are necessary for VoIP support
  • Voice capabilities available on Cisco ISRs
  • Role of a call agent, such as Cisco Unified CallManager, in a VoIP implementation
  • Main IP telephony deployment models that may be used in an enterprise
  • Given a show running-config output from a Cisco router configured as a voice gateway, identify the sections of the configuration that are related to the voice implementation on the router
  • How CAC prevents calls from crossing overly busy links and how such calls can be rerouted by mechanisms, such as AAR, instead of simply being blocked

3. Introduction to IP QoS

• Introducing QoS
  • Four key quality issues with converged networks
  • How a lack of bandwidth can adversely impact a network and ways to effectively increase bandwidth on a link
  • How end-to-end delay can adversely impact a network and ways to effectively reduce delay
  • How packet loss can adversely impact a network and ways to manage packet loss so QoS is not affected
  • Defining QoS with respect to traffic in a network
  • Three key steps involved in implementing a QoS policy on a network
  • How traffic is recognized by type in a network and how those types resolve to QoS traffic classes
  • Defining QoS policies after traffic classes have been defined
• Identifying Models for Implementing QoS
  • Models for providing QoS on a network
  • Key features of the Best Effort model for QoS
  • Key features of the IntServ model for QoS
  • How RSVP enables the IntServ model to provide end-to-end QoS
  • Key features of the DiffServ model for QoS
• Methods for Implementing QoS
  • Methods for configuring and monitoring QoS on a network
  • CLI (nonmodularized) method of configuring QoS
  • The Modular QoS CLI (MQC) method of configuring QoS
  • AutoQoS methods of configuring QoS
  • Cisco SDM QoS wizard, including how to access and use it to configure basic QoS functions
• Advantages

4. Implement the DiffServ QoS Model

• Introducing Classification and Marking
  • Purpose of packet classification
  • Purpose of packet marking
  • IP packet classification and marking at the data link layer
  • Purpose and function of the DiffServ model
  • Interoperability between DSCP-based and IP-precedence-based devices in a network
  • How DSCP values are determined and assigned to different per-hop behaviors (PHBs)
  • DSCP settings in the DiffServ Model
  • Data link to network layer interoperability between QoS markings
  • The term "QoS service class" and how service classes can be used to create a service policy throughout a network
  • How link layer and network layer markings are used to define QoS service classes and the different applications represented by each of these service classes
  • Trust boundaries and how they are used with classification and marking
• Using NBAR for Classification
  • Cisco IOS protocol discovery and classification mechanism known as NBAR
  • Types of applications supported by NBAR
  • Purpose of PDLMs in NBAR
  • NBAR protocol discovery
  • Cisco IOS commands required to configure and monitor NBAR protocol discovery
  • Cisco IOS commands required to configure NBAR to recognize static port protocols
  • Cisco IOS commands required to configure NBAR to recognize TCP and UDP stateful protocols
• Introducing Queuing Implementations
  • Need for congestion management mechanisms
  • Queuing algorithms
  • FIFO queuing algorithm
  • Priority queuing (PQ) algorithm
  • Round-robin queuing algorithm and its variants
  • Primary components of a queuing mechanism
• Configuring WFQ
  • Detailed explanation of WFQ
  • Architecture and benefits of WFQ
  • Cisco IOS commands required to configure and monitor WFQ on a Cisco router
• Configuring CBWFQ and LLQ
  • Advanced queuing mechanisms of CBWFQ and LLQ
  • Detailed explanation of CBWFQ
  • Architecture and benefits of CBWFQ
  • Cisco IOS commands required to configure and monitor CBWFQ on a Cisco router
  • Detailed explanation of LLQ
  • Architectures and benefits of LLQ
  • Cisco IOS commands required to configure and monitor LLQ on a Cisco router
• Introducing Congestion Avoidance
  • Default mechanism for managing interface congestion with tail drop
  • Limitations of using tail drop as a congestion management mechanism
  • RED and how it can be used to prevent congestion
  • WRED and how it can be used to prevent congestion
  • Traffic profiles that are used in WRED implementations
  • Cisco IOS software commands that are required to configure CB-WRED
  • Cisco IOS software commands that are used to monitor CB-WRED
• Introducing Traffic Policing and Shaping
  • Purpose of traffic conditioning using traffic policing and traffic shaping
  • Benefits of traffic conditioning using traffic policing and traffic shaping
  • Features of traffic policing and traffic shaping
  • How a token bucket can be used by network devices to measure traffic rates
  • How traffic can be policed using a single token bucket scheme
  • Key traffic policing and shaping mechanisms available in Cisco IOS software and how each compares to the others
  • Points in a network where rate-limiting can most effectively be employed
• WAN Link Efficiency Mechanisms
  • Various link efficiency mechanisms and their functions
  • Purpose of Layer 2 payload compression and how Layer 2 payload compression affects throughput and delay
  • Purpose of header compression and how header compression affects throughput and delay
  • How VoIP packets are susceptible to increased latency when large packets, such as FTP transfers, traverse slow WAN links
  • LFI operation and how LFI reduces the delay and jitter of VoIP packets
  • Points in a network where link efficiency mechanisms can most effectively be employed
• Implementing QoS Pre-Classify
  • Purpose of VPNs
  • Purpose of pre-classification to support QoS in various VPN configurations
  • Situations where pre-classification is appropriate
  • VPN applications that support QoS pre-classification and situations where pre-classification is not appropriate
• Deploying End-to-End QoS
  • IP QoS SLA and SLA examples
  • Typical network requirements within each functional block which makes up an end-to-end network
  • Best practice QoS implementations and configurations within a campus LAN
  • Best practice QoS implementations and configurations on WAN CE and PE routers
  • Control Plane Policing (CoPP)

5. Implement AutoQoS

• Introducing AutoQoS
  • How AutoQoS is used to implement QoS policy
  • Prerequisites for using AutoQoS and how it is configured on a network using CLI
  • Verify that AutoQoS is functioning on a network
• Mitigating Common AutoQoS Problems
  • QoS technologies that are automatically implemented on the network using AutoQoS
  • Known problems with AutoQoS that users have had to contend with
  • Using the show commands, isolate areas in the running AutoQoS configuration where the known problems typically occur
• Modify the QoS configuration created by AutoQoS

6. Implement Wireless Scalability

• WLAN QoS Implementation
  • Need for WLAN QoS
  • WLAN QoS
  • Current WLAN QoS Implementation
  • Configure QoS features on lightweight APs using WLC
• Introducing 802.1x
  • Need for WLAN security standards and why WLAN security is so important
  • Difference between authentication and encryption
  • How enhanced 802.11 security improves on basic 802.11 security
  • Basic concepts of 802.1x authentication
  • EAP Cisco Wireless
  • EAP-FAST
  • EAP-TLS
  • EAP-PEAP
  • WPA authentication process
• Configuring Encryption and Authentication on Lightweight Access Points
  • Configuring open authentication on the controller
  • Configuring pre-shared key authentication on the controller
  • Configuring web authentication on the controller
  • Configuring 802.1x on the controller
• WLAN Management
  • Compare wireless solutions using autonomous to wireless solutions using lightweight APs, identifying how the two solutions come together for a complete unified wireless network
  • How Cisco implements WLANs
  • Hierarchy of components that are required to build a WLAN
  • Basic features of WLSE for wireless feature set using autonomous APs and related products
  • Basic features of Cisco WCS for wireless feature set using lightweight APs and related products
  • Cisco WCS tracking options
  • Using monitor tab functions to manage the WLAN
  • Function of the 2700 Location Appliance
  • Basic Cisco WCS configuration
  • Add, change, and use maps in the Cisco WCS database
  • Cisco WCS rogue AP methodology

ISCW - Implementing Secure Converged Wide Area Networks - Self-Paced e-Learning

In this course, you'll gain the knowledge and skills needed to secure Cisco IOS router networks, expand the reach of your enterprise network to teleworkers and remote sites, and explore implementing a highly available network with connectivity options such as VPN and wireless.

Course Outline

1. Network Requirements

• The IIN and the SONA framework
• Cisco conceptual network models, such as Cisco Enterprise Architecture and Cisco hierarchical network model
• Requirements for establishing secure remote connections in a converged network

2. Connect Teleworkers

• Topologies for Facilitating Remote Connections
  • Typical remote connections an enterprise network has to support
  • Challenges faced in connecting teleworkers to the enterprise network and the solutions that exist to address these challenges
• Cable Technology
  • Basic terminology and standards organizations that are relevant to cable technology
  • Components of a cable system that provide data services
  • Features of cable technology
  • How digital cable systems use the RF bands for signal transmission
  • How data services can be delivered over a cable network using an HFC architecture
  • Combination of technologies and components that make a cable system work
  • Provisioning a cable modem in a TCP/IP-based customer network
• DSL Technology
  • Features of DSL
  • Variants of DSL
  • Distance limitations of DSL
  • Basic facts of ADSL technology
  • How ADSL coexists with telephony service
  • CAP and DMT: the competing modulation standards for ADSL signaling
  • How data is transmitted over ADSL infrastructure with PPPoE
  • How data is transmitted over ADSL infrastructure with PPPoA
• Configuring the CPE as the PPPoE and PPPoA Client
  • Configure a Cisco router as a PPPoE client
  • Configure an ATM interface for PPPoE client operations
  • Configure the PPPoE DSL dialer interface
  • Configure PAT
  • Configure a DHCP server to allocate IP address to the users behind the client DSL router
  • Configure a static route
  • Review the output of various debug and show commands to verify the PPPoE operations
  • Step-by-step procedure to configure a PPPoA on the CPE router
  • Configure the DSL ATM interface
• Verifying Broadband ADSL Configurations
  • Bottom-up approach to troubleshoot a DSL connection problem
  • Isolate problems to Layer 1
  • Confirm an Administratively Down state
  • Confirm the correct DSL operating mode on the CPE router ATM interface
  • Isolate problems to Layer 2
  • Determine if data is being received from the ISP
  • Determine if PPP is negotiating successfully

3. Implement Frame-Mode MPLS

• Introducing MPLS Networks
  • Elements of the MPLS conceptual model
  • Router switching mechanisms
  • MPLS data and control planes
  • Structure of an MPLS label and its format
  • Function of different types of LSRs in MPLS networks
  • Interactions between the control plane and the data plane in an LSR that enable the basic functions of label switching and forwarding of labeled packets to occur
• Assigning MPLS Labels to Packets
  • Performing label allocation in a frame-mode MPLS network
  • Distributing labels in a frame-mode MPLS network
  • How the LFIB table is populated
  • Packet propagation across an MPLS network
  • How PHP improves MPLS performance by eliminating routing lookups on egress LSRs
• Implementing Frame-Mode MPLS
  • Configuring frame-mode MPLS on a Cisco IOS router
  • Enable IP CEF on a router as a step in implementing frame-mode MPLS
  • Enable MPLS on a frame-mode interface as a step in implementing frame-mode MPLS
  • Configure the MTU size in label switching as a step in implementing frame-mode MPLS
• MPLS VPN Technology
  • MPLS VPN architecture and how it improves on the traditional methods of overlay and peer-to-peer VPN
  • Components of an MPLS VPN and how they are interconnected to enable enterprise network connectivity between sites
  • How routing information is propagated across the P-network
  • End-to-end flow of routing updates in an MPLS VPN
  • MPLS VPN packet forwarding

4. IPsec VPNs

• IPsec Components and IPsec VPN Features
  • IPsec protocol and basic functions; advantages of IPsec VPNs over other types of VPNs
  • IKE protocols
  • IKE functionality
  • Two protocols that are used for IPsec
  • Message authentication and integrity check
  • Differences and the functionality between symmetric and asymmetric encryption algorithms
  • PKI
• Site-to-Site IPsec VPN Operations
  • Five steps of IPsec operation
  • Configuration of IPsec
  • Configuration of the ISAKMP parameters
  • Configuration to define the IPsec transform set, the crypto ACL, and the crypto map
  • Configuration to apply the crypto map to the interface
  • Configuration of the interface ACL for IPsec
• Configuring IPsec Site-to-Site VPN Using SDM
  • Navigating the site-to-site VPN wizard interface
  • Components that will be configured by the SDM site-to-site VPN wizard
  • Launching the site-to-site VPN wizard
  • Set the parameters of the site-to-site VPN tunnel
  • How SDM sets IKE policies
  • Select a transform set and associate additional transform sets as required
  • Define the traffic that the VPN protects
  • Complete the configuration by viewing the settings in the Summary window
• Configuring GRE Tunnels over IPsec
  • GRE
  • Purpose of a secure GRE tunnel
  • Components that will be configured by the SDM site-to-site VPN secure GRE tunnel wizard
  • Configure a backup GRE-over-IPsec tunnel that the router can use when the primary tunnel fails
  • Select the authentication method to be used on the VPN
  • Configure IKE using the SDM wizard
  • Configure the IPsec transform set using the SDM wizard
  • Configure dynamic or static routing over the GRE and IPsec tunnel
  • Complete the configuration by viewing the settings in the Summary window
• High Availability Options
  • How high availability of IPsec VPNs is achieved
  • Failover option of backup IPsec peers
  • Use of HSRP for IOS IPsec VPN resiliency
  • IPsec stateful failover
  • How a WAN connection can be backed up by using an IPsec VPN
• Configuring Cisco Easy VPN and Easy VPN Server Using SDM
  • General operation of Cisco Easy VPN including its benefits and the role of each of its components
  • Functionality provided by Cisco Easy VPN Server, concept of dynamic crypto maps, and functionality provided by Easy VPN Remote
  • Steps required to configure Cisco Easy VPN Server using SDM
  • Configure IKE using the SDM wizard
  • Configure the IPsec transform set using the SDM wizard
  • Locations where Easy VPN group policies can be stored
  • Locations where user records for Xauth can be stored
  • Configure local group policies
  • Complete the configuration by viewing the settings in the Summary window
• Implementing the Cisco VPN Client
  • Steps required to configure the software VPN client on a PC
  • Steps required to configure Cisco VPN Client

5. Cisco Device Hardening

• Mitigating Network Attacks
  • Cisco Self-Defending Network strategy
  • Types of attacks that enterprise networks must defend against
  • Mitigate reconnaissance attacks including packet sniffers, port scans, ping sweeps, and Internet information queries
  • Mitigate access attacks including password attacks, trust exploitation, buffer overflow, port redirection, and man-in-the-middle attacks
  • Mitigate DoS attacks including IP spoofing and DDoS
  • Mitigate worm, virus, and Trojan horse attacks
  • Mitigate application layer attacks
  • Vulnerabilities in configuration management protocols and recommendations for mitigating these vulnerabilities
  • Use open source tools to discover network vulnerabilities and threats
• Disabling Unused Cisco Router Network Services and Interfaces
  • Router services and interfaces that are vulnerable to network attack
  • Using the auto secure command to automate the process of locking down a Cisco router
  • Configure AutoSecure on a Cisco router
  • Compare the process of locking down a Cisco router with the CLI auto secure command and the One-Step Lockdown mode of the Security Audit wizard available in SDM
• Securing Cisco Router Installations and Administrative Access
  • Configuring passwords
  • Setting a login failure rate and using IOS login enhancements
  • Setting timeouts
  • Setting multiple privilege levels
  • Configuring banner messages
  • Role-based CLI and the commands required to configure basic CLI views
  • Secure the Cisco IOS boot image and configuration files
• Mitigating Threats and Attacks with Access Lists
  • Types and formats of IP ACLs used by routers to restrict access and filter packets
  • Apply ACLs to router interfaces
  • Using traffic filtering with ACLs to mitigate threats in a network
  • Implement ACLs to mitigate threats
  • Configure router ACLs to help reduce the effects of DDoS attacks
  • Combine many ACL functions into two or three larger ACLs
  • Some of the caveats to be considered when building ACLs
• Securing Management and Reporting Features
  • Factors you must consider when planning the secure management and reporting configuration of network devices
  • Factors that affect the architecture of secure management and reporting in terms of in-band and OOB information paths
  • Steps used to configure an SSH server for secure management and reporting
  • How the syslog function plays a key role in network security
  • How to configure syslog on Cisco routers using syslog router commands
  • Security features of SNMPv3
  • Configure SNMPv3 on a Cisco IOS router or a switch
  • Configure an NTP client including authentication in client mode
  • Configure a Cisco router as an NTP server
• Configuring AAA on Cisco Routers
  • Three components of AAA
  • AAA access modes
  • AAA RADIUS and TACACS+ protocols
  • Configure AAA login authentication on Cisco routers using CLI
  • Configure AAA login authentication on Cisco routers using SDM
  • Troubleshoot AAA on a Cisco perimeter router using the debug aaa command
  • AAA authorization and the commands that are required to configure it on Cisco routers
  • AAA accounting and the commands that are required to configure it on Cisco routers

6. Cisco IOS Threat Defense Features

• Introducing the Cisco IOS Firewall
  • Basic structure of a layered defense
  • Operational strengths and weaknesses of the three firewall technologies
  • Basic operation of a stateful firewall
  • Features of the Cisco IOS Firewall
  • How the Cisco IOS Firewall combines the features of packet inspection and proxy firewalls to provide an optimal security solution
  • Cisco IOS Firewall process
• Implementing Cisco IOS Firewalls
  • Configure Cisco IOS Firewall from the Cisco IOS CLI
  • When and how to use the Basic and Advanced Firewall Configuration wizards in SDM
  • Configure a basic firewall using SDM
  • Configure the interfaces on an advanced firewall using SDM
  • Configure a DMZ on an advanced firewall
  • Configure inspection rules
  • Complete the Advanced Firewall wizard configuration by viewing the settings in the Summary window
  • Use the SDM logging function to monitor firewall activity
• Introducing Cisco IOS IPS
  • Functions and operations of IDS and IPS systems and the difference between IDS and IPS
  • Types of IDS and IPS systems
  • Four types of IDS and IPS signatures
  • What happens when a signature is matched
• Configuring Cisco IOS IPS
  • Configure and verify IOS IPS using the CLI interface
  • Cisco IOS IPS tasks you can complete with SDM
  • Select interfaces and configure SDF locations within the SDM IPS Policies wizard
  • View the IPS policy summary and deliver the IPS configuration to the router using the SDM IPS Policies wizard
  • Configure IPS policies and global settings using the SDM
  • View SDEE messages in the SDM
  • Tune signatures using the SDM

BSCI, BCMSN, ONT, and ISCW Exam Vouchers

The CCNP e-Camp includes four exam vouchers, one for each exam: BSCI, BCMSN, ONT, and ISCW.

CCNP Practice Exam from Self Test Software (30-Day Online Access)

Be confident that you will pass the CCNP test! You will receive 30 days of access that will help sharpen your knowledge and realistically simulate the certification test. Your practice exam will include the following:

• Over 165 practice test questions with comprehensive explanations
• Learning Mode to practice questions and study explanations at your own pace
• Certification Mode to simulate the actual testing experience
• Over 335 flash cards to drill your knowledge on the technology